Edit report at http://bugs.php.net/bug.php?id=52018&edit=1
ID: 52018 Updated by: phi...@php.net Reported by: nospam at nospam dot homelinux dot org Summary: Probable cookie problem with 5.3.2 -Status: Open +Status: Feedback Type: Bug Package: HTTP related Operating System: Linux Debian 5.0.4 PHP Version: 5.3.2 New Comment: Maybe you can reproduce by isolating the phpBB "automatic logon" feature? Do the phpBB people have any ideas? I suspect they'd do a more efficient job finding this bug. Previous Comments: ------------------------------------------------------------------------ [2010-06-07 21:47:59] nospam at nospam dot homelinux dot org Description: ------------ There seems to be a problem with PHP 5.3.2: cookies are not working properly in some cases, for example when running PhpBB 3.0.5 (and probably other versions also). The reason **seems** to be that the $_COOKIE super global variable is not always populated with received cookies, and the most visible effect is that the users of my phpBB forum are not able to use the âautomatic logonâ feature of phpBB. However, a simple test case with the setcookie function works properly, so I donât know exactly what kind of cookie can trigger the bug. Downgrading to phpBB 5.2.13 or lower effectively fix the problem. I made multiple tries, using either 5.2.6, 5.2.13 or 5.3.2, either compiled by myself or installed from Debian packages, with or without the Debian security patches, while keeping the same php.ini configuration in all cases, and the result was always the same: - with 5.2.6 or 5.2.13, cookies are handled properly, and phpBB users can use the phpBB's automatic âautomatic logonâ feature. - with 5.3.2, cookies seem to be blocked, $_COOKIE is not populated (except maybe by as many empty strings as the number of expected cookies). The server also uses Apache 2.2.9 and MySQL 5.1.46, and I tried on two different Debian 5.0.4 configurations, one as 32 bits at my home and one as 64 bits in a datacenter. I used Wireshark for network sniffing, so I can tell that cookies are truely present in HTTP headers. I tracked the $_COOKIE variable by adding a "error_log(print_r($_COOKIE, true))" instruction near the beginning of the phpBB common code. Test script: --------------- I'm sorry, I don't know how to make a short test script showing the problem. I tried a short test with setcookie but it worked properly, even with 5.3.2. I suppose that there are some combined interactions within phpBB triggering this problem when they happen altogether. The only procedure that I can suggest is the following: - Install a phpBB server (download from http://www.php.net/) with the default configuration. - Create a user account with any name. - Try to login on this account. Don't forget to check the "Log me on automatically each visit" option when login. - Browse a little inside the forum, check that the connexion is kept by session ID. - Quit your browser, closing all of its Windows. - Reopen the browser, and open again the phpBB forum. Use the root address of the forum, without the session ID parameter. Expected result: ---------------- When opening the forum homepage, login should be already made, kept from previous session. This is what happens with 5.2.6 or 5.2.13. Actual result: -------------- Forum open correctly, but previous login is completely forgotten. This is what happens with 5.3.2. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=52018&edit=1
